Moderate severityNVD Advisory· Published Dec 12, 2022· Updated Apr 22, 2025
CVE-2022-41881
CVE-2022-41881
Description
Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue is patched in version 4.1.86.Final. There is no workaround, except using a custom HaProxyMessageDecoder.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
io.netty:netty-codec-haproxyMaven | < 4.1.86.Final | 4.1.86.Final |
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
7- github.com/advisories/GHSA-fx2c-96vj-985vghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-41881ghsaADVISORY
- www.debian.org/security/2023/dsa-5316ghsavendor-advisoryWEB
- github.com/netty/netty/security/advisories/GHSA-fx2c-96vj-985vghsaWEB
- lists.debian.org/debian-lts-announce/2023/01/msg00008.htmlghsamailing-listWEB
- security.netapp.com/advisory/ntap-20230113-0004ghsaWEB
- security.netapp.com/advisory/ntap-20230113-0004/mitre
News mentions
0No linked articles in our index yet.